Bug Bounty programs are very common today with most of the big tech firms hosing them. The goal is to get hackers to report any bugs they find for a payday rather than turning to the black market to sell their hacks. HP has announced a new Bug Bounty program to lure researchers in to hack its printer software.
The program offers up to $10,000 to hackers who can find these vulnerabilities. HP’s opened its Bug Bounty program in May and had 34 security researchers signed up at the start. One of those researchers was already paid out $10,000 for what was identified as a serious flaw with HP's printers. HP has a wealth of product outside of printers, but says that it chose the printer arm for the Bug Bounty program because of the vulnerabilities present in
Printers were among the very first IoT devices and while printers aren’t normally thought of as an attack vector for hackers, they certainly can be according to HP. The HP program will be run through the Bugcrowd platform, which is a platform for issuing payouts to researchers and inviting researchers to participate.
Researchers invited to participate in the program have access to 15 printers and those printers are isolated in HP’s offices. The researchers are able to remotely connect to the printers to look for vulnerabilities.
The top tier $10,000 payout requires the researchers to find serious flaws in HP printers like the ability to remotely execute code allowing the user to take full control of a printer. If flaws are found via the program, HP pays the researcher and begins to devise a fix to be issued later. HP’s Shivaun Albright told CNET, “We're fixing these issues very quickly and turning them around so they're not found in the wild.”